The EAP-MD5 algorithm consists of the following basic steps : 1. The client sends the username to the server in clear text. 2. The server validates the username and sends the client a clear text message(called the challenge). 3. The client uses the MD5 hashing algorithm to produce a reply using the message text and the user password (so that the password itself isn’t sent). 4. The server uses the same hashing algorithm (using the client's password stored on the server) to verify the reply.